Internet and the PC itself very slow


  • Internet and the PC itself very slow

    Hello,

    My sister's PC is very slow. The internet is very slow and the PC's own response time is also very slow.

    Below is the HijackThis log. Could someone tell me whether it looks okay or not?

    Thanks in advance.

    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:28:13, on 31-12-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\taskmqr.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
    C:\WINDOWS\system32\ccPrxy.exe
    C:\WINDOWS\system32\SP00LSV.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compaqnet.be
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [ccPrxy.exe] ccPrxy.exe
    O4 - HKLM\..\Run: [SP00LSV.EXE] SP00LSV.EXE
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Policies\Explorer\Run: [IEXPLORE.EXE] C:\Program Files\Internet Exp1orer\IEXPLORE.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Startup: ubisoft register.lnk = F:\program files\Ubi Soft\Rayman3\Register\schedule.exe
    O4 - Startup: Update.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: officejet 6100.lnk = ?
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?8ff5ad232525419695a72668659cbdaf
    O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?8ff5ad232525419695a72668659cbdaf
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.compaqnet.be
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://13prinses13.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CBFB01F0-E220-4B4B-9C91-54D5B27B76B1}: NameServer = 195.121.1.34,195.121.1.66
    O18 - Filter hijack: text/html - (no CLSID) - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Windows iNET Time (fag) - Unknown owner - C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\taskmqr.exe
    O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O24 - Desktop Component 0: (no name) - http://www.123spelen.nl/img/back_midden.gif

    --
    End of file - 8722 bytes

  • #2
    Hello

    First carry out the following actions:
    Click Start -> (Settings) -> Control Panel -> Add or Remove Programs and remove the following program:
    Need2FindBar
    Need2Find Bar

    Restart the computer.

    Start HijackThis and choose 'Do a system scan only'.
    Select only the items listed below:

    O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
    O4 - HKLM\..\Run: [ccPrxy.exe] ccPrxy.exe
    O8 - Extra context menu item: &Search - http://kc.bar.need2find.com/KC/menusearch.html?p=KC

    Close all windows except HijackThis.
    Click 'Fix checked' to remove the items.

    Open Windows Explorer ("My Computer") and choose Tools -> Folder Options...
    Under View, check the following settings:

    Turn off: Hide protected operating system files (Recommended)
    Turn off: Hide extensions for known file types

    Select: Display the contents of system folders (XP only)
    Select: Show hidden files and folders

    Delete the following directories/files:
    C:\Program Files\Need2Find\bar\1.bin\
    C:\Program Files\RXToolBar\Semantic Insight\
    ccPrxy.exe (search for it with Explorer)

    Download Java Runtime Environment (JRE) 6u3.
    • Scroll down to: "Java Runtime Environment (JRE) 6 Update ".
    • Click the "Download" button on the right.
    • Tick: "Accept License Agreement".
    • The page will reload.
    • Click the link to download the Windows Offline Installation, Multi-language, and save it to your Desktop.
    • Close any programs that may be open, especially your web browser!
    • Then go to Start > Control Panel > Add or Remove Programs and remove all older versions of Java from the program list.
    • Tick everything with Java Runtime Environment (JRE or J2SE) in the name.
    • Then click Remove or the Change/Remove button.
    • Repeat this until all older versions are gone.
    • After removing all older versions, restart your PC.
    • Then double-click jre-6u3-windows-i586-p.exe on your Desktop to install the latest version of Java.

    Download Combofix to your Desktop.
    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again. Some scanners regard certain components that Combofix uses as suspicious and will block or delete them!
    • Double-click Combofix.exe
      Follow the instructions and accept the disclaimer by typing 1 (continue), followed by ENTER.
      While the fix is running, do NOT click in the window, as this will make your PC hang.

    When the fix has finished and after the restart, the log combofix.txt will open.
    Post this log in your next reply together with a new HijackThis log.



    • #3
      New HijackThis and ComboFix logs

      Hi Juisterr,

      thanks for your reply. Below are the latest HijackThis and ComboFix logs.

      ComboFix log:

      ComboFix 08-01-05.7 - Eigenaar 2008-01-05 15:20:04.1 - NTFSx86
      Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
      * Nieuw herstelpunt werd aangemaakt
      .

      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\Eigenaar\Application Data\macromedia\Flash Player\#SharedObjects\9NZ96A5L\iforex.com
      C:\Documents and Settings\Eigenaar\Application Data\macromedia\Flash Player\#SharedObjects\9NZ96A5L\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
      C:\Documents and Settings\Eigenaar\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
      C:\Documents and Settings\Eigenaar\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
      C:\Program Files\microsoft 0ffice
      C:\Program Files\microsoft 0ffice\WINWORD.EXE
      C:\WINDOWS\Fonts\acrsecB.fon
      C:\WINDOWS\Fonts\acrsecI.fon

      .
      (((((((((((((((((((( Bestanden Gemaakt van 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))
      .

      2008-01-05 15:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
      2008-01-05 15:16 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
      2008-01-05 15:13 . 2008-01-05 15:16 <DIR> d-------- C:\Program Files\Java
      2008-01-05 15:13 . 2008-01-05 15:13 <DIR> d-------- C:\Program Files\Common Files\Java
      2007-12-29 19:52 . 2007-12-29 19:52 39,424 --ahs---- C:\WINDOWS\ld.exe
      2007-12-29 19:52 . 2007-12-29 19:52 25,088 --ahs---- C:\WINDOWS\sy.exe
      2007-12-29 19:52 . 2007-12-29 19:52 23,552 --ahs---- C:\WINDOWS\ldup.exe
      2007-12-25 21:01 . 2007-12-25 21:01 <DIR> d-------- C:\WINDOWS\Cache
      2007-12-25 20:59 . 2007-12-25 20:59 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
      2007-12-25 20:59 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
      2007-12-25 20:59 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
      2007-12-25 20:58 . 2007-12-25 20:58 <DIR> d-------- C:\WINDOWS\Setup533
      2007-12-25 20:58 . 2002-10-21 11:37 515,803 --a------ C:\WINDOWS\system32\drivers\Ca533av.sys
      2007-12-25 20:58 . 2002-01-19 15:33 131,072 --a------ C:\WINDOWS\system32\SP5X_32.DLL
      2007-12-25 20:58 . 2000-04-12 12:25 118,784 --a------ C:\WINDOWS\ShowBmp.exe
      2007-12-25 20:58 . 2002-05-02 17:26 65,536 --a------ C:\WINDOWS\amcap533.exe
      2007-12-25 20:58 . 2002-07-30 19:40 16,384 --a------ C:\WINDOWS\system32\Dext533.ax
      2007-12-25 20:58 . 2002-07-25 11:19 10,986 --a------ C:\WINDOWS\system32\drivers\Bulk533.sys
      2007-12-25 20:58 . 2003-01-06 13:33 1,325 --a------ C:\WINDOWS\Remove.ini
      2007-12-25 20:52 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
      2007-12-25 20:52 . 2001-11-02 15:08 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
      2007-12-25 20:50 . 2007-12-25 20:58 <DIR> d-------- C:\Program Files\ArcSoft
      2007-12-25 19:56 . 2004-08-04 07:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
      2007-12-25 19:56 . 2004-08-04 07:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
      2007-12-18 18:07 . 2008-01-05 15:08 7,756 --ah----- C:\WINDOWS\netsvc.exe

      .
      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-01-05 14:09 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Skype
      2008-01-05 14:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
      2007-12-25 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2007-12-01 06:16 --------- d-----w C:\Program Files\Windows Live Toolbar
      2007-12-01 05:58 --------- d-----w C:\Program Files\Windows Live Favorites
      2007-11-15 15:27 --------- d-----w C:\Program Files\Alwil Software
      2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
      2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
      2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
      2005-07-13 15:52 40,040 ----a-w C:\Documents and Settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
      2002-11-11 16:39 21,504 --sha-w C:\WINDOWS\infrom.dat
      2003-07-20 11:02 32 --sha-w C:\WINDOWS\{896446E7-1FB8-4BCD-B044-574F4EF7EBC1}.dat
      2002-11-11 16:39 23,552 --sha-w C:\WINDOWS\system32\ccPrxy.exe
      2003-07-20 11:02 32 --sha-w C:\WINDOWS\system32\{DA75C18B-481B-4F57-A02E-52F63CC79F66}.dat
      2003-11-18 19:13 69,632 --sh--w C:\WINDOWS\system32\config\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\handle.exe
      2003-11-18 19:14 29,696 --sh--w C:\WINDOWS\system32\config\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\hidden32.exe
      2003-11-18 19:15 77,824 --sh--w C:\WINDOWS\system32\config\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\kill.exe
      2003-11-18 19:15 86,016 --sh--w C:\WINDOWS\system32\config\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\pslist.exe
      2003-11-18 18:58 90,112 -csh--w C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\AdmDll.dll
      2003-11-18 19:00 241,664 -csh--w C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc.exe
      2003-11-18 19:01 36,864 -csh--w C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc32.dll
      2003-11-18 19:01 29,408 -csh--w C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\raddrv.dll
      2003-11-18 19:01 1,484 -csh--w C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\radmin.reg
      2003-11-18 19:02 28,672 -csh--w C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\secure.exe
      2003-11-19 01:35 388 --sha-w C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\dir.sys
      2003-11-18 19:08 103,936 --sh--w C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\JAcheck.dll
      2003-11-18 19:08 2,104 --sh--w C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\printer.sys
      2003-11-18 19:12 569,856 --sha-w C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\taskmqr.exe
      2003-11-19 01:36 315 --sha-w C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\wininisys.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NVIEW"="nview.dll" [2002-09-30 23:39 548933 C:\WINDOWS\system32\nview.dll]
      "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-04-13 10:25 18576936]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
      "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 07:05 114688]
      "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 08:01 155648]
      "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 19:40 143360]
      "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42 212992]
      "NvCplDaemon"="NvQTwk"
      "nwiz"="nwiz.exe" [2002-09-30 23:39 372736 C:\WINDOWS\system32\nwiz.exe]
      "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 19:28 81920]
      "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-07-15 14:56 57984]
      "ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:50 58608]
      "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-06 23:19 188416]
      "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 10:02 860672]
      "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-16 08:51 95960]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06 79224]
      "SP00LSV.EXE"="SP00LSV.EXE" [2002-11-11 17:39 39424 C:\WINDOWS\system32\SP00LSV.EXE]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2005-02-01 15:46 263776]

      C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
      hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-11-26 20:18:52]
      Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
      officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-11-26 19:43:46]
      WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-05-05 18:08:37]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
      "IEXPLORE.EXE"= C:\Program Files\Internet Exp1orer\IEXPLORE.EXE

      R2 fag;Windows iNET Time;C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\taskmqr.exe [2003-11-18 20:12]
      R2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc.exe" [2003-11-18 20:00]
      S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2001-10-03 09:10]
      S3 pnicml;pnicml;C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\pnicml.sys [2002-02-05 09:41]
      S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 11:19]

      *Newly Created Service* - PROCEXP90
      .
      Inhoud van de 'Gedeelde Taken' map
      "2008-01-05 13:42:06 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      "2004-04-01 08:31:16 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1070442567.job"
      - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
      "2008-01-04 16:46:21 C:\WINDOWS\Tasks\Symantec NetDetect.job"
      - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-01-05 15:24:20
      Windows 5.1.2600 Service Pack 2 NTFS

      scannen van verborgen processen ...

      scannen van verborgen autostart items ...

      scannen van verborgen bestanden ...

      Scan succesvol afgerond
      verborgen bestanden: 0

      **************************************************************************
      .
      Voltooingstijd: 2008-01-05 15:25:11
      ComboFix-quarantined-files.txt 2008-01-05 14:24:49
      .
      2007-12-21 07:41:22 --- E O F ---


      and the HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 15:38:40, on 5-1-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\taskmqr.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\windows\system\hpsysdrv.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\ps2.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
      C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\SP00LSV.EXE
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
      C:\Program Files\WinZip\WZQKPICK.EXE
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compaqnet.be
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SP00LSV.EXE] SP00LSV.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Policies\Explorer\Run: [IEXPLORE.EXE] C:\Program Files\Internet Exp1orer\IEXPLORE.EXE
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
      O4 - Startup: ubisoft register.lnk = F:\program files\Ubi Soft\Rayman3\Register\schedule.exe
      O4 - Startup: Update.exe
      O4 - Global Startup: hpoddt01.exe.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: officejet 6100.lnk = ?
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
      O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?8ff5ad232525419695a72668659cbdaf
      O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?8ff5ad232525419695a72668659cbdaf
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.compaqnet.be
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://13prinses13.spaces.live.com/PhotoUpload/MsnPUpld.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{CBFB01F0-E220-4B4B-9C91-54D5B27B76B1}: NameServer = 195.121.1.34,195.121.1.66
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Windows iNET Time (fag) - Unknown owner - C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\taskmqr.exe
      O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O24 - Desktop Component 0: (no name) - http://www.123spelen.nl/img/back_midden.gif

      --
      End of file - 8553 bytes



      • #4
        Start HijackThis and choose 'Do a system scan only'.
        Select only the items listed below:

        O4 - HKLM\..\Run: [SP00LSV.EXE] SP00LSV.EXE
        O4 - HKCU\..\Policies\Explorer\Run: [ IEXPLORE.EXE] C:\Program Files\Internet Exp1orer\IEXPLORE.EXE
        O4 - Startup: Update.exe
        O23 - Service: Windows iNET Time (fag) - Unknown owner - C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\taskmqr.exe
        O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc.exe

        Click 'Fix checked' to remove the items.







        Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

        • File::
          C:Windows\System32\SP00LSV.EXE
          C:\WINDOWS\ld.exe
          C:\WINDOWS\sy.exe
          C:\WINDOWS\ldup.exe
          C:\WINDOWS\system32\ccPrxy.exe
          C:\WINDOWS\infrom.dat

          Folder::
          C:\Program Files\Internet Exp1orer\
          C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}
          C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}

        Save this to your Desktop as CFScript.txt.

        Drag CFScript.txt onto ComboFix.exe as shown in the example below:



        This will cause ComboFix to restart.

        After your computer restarts (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

        Please also post a new HJT log.
        Last edited by Juisterr; 06-01-08, 11:10.

        Starting Windows 10 in Safe Mode
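The entries selected in post #4 share visible naming traits: digits standing in for letters, a file name one character away from a Windows binary, a folder name ending in a shell CLSID, and services with an unknown owner. The triage script below is an added example, not part of any post in this thread; its heuristics and the `KNOWN_NAMES` list are assumptions, and the sample lines are copied from the logs above.

```python
import re

# Lines copied from the HijackThis logs in this thread: four entries that
# post #4 selects for fixing, plus two ordinary entries (PS2, NVSvc) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [SP00LSV.EXE] SP00LSV.EXE
O4 - HKCU\..\Policies\Explorer\Run: [ IEXPLORE.EXE] C:\Program Files\Internet Exp1orer\IEXPLORE.EXE
O23 - Service: Windows iNET Time (fag) - Unknown owner - C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\taskmqr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc.exe
"""

# Assumption: a short reference list of genuine Windows file and folder names.
KNOWN_NAMES = {"spoolsv.exe", "taskmgr.exe", "svchost.exe", "explorer.exe",
               "iexplore.exe", "lsass.exe", "services.exe", "winlogon.exe",
               "internet explorer"}
HOMOGLYPHS = str.maketrans("01", "ol")  # digit zero for o, digit one for l
# A folder named "name.{CLSID}" is displayed by Explorer as that shell object.
GUID_SUFFIX = re.compile(r"\.\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)


def within_one_edit(a, b):
    """True if a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substituted character
    return a[i:] == b[i + 1:]           # one extra character in b


def target_of(line):
    """Return (owner, path) for an O4 or O23 line, or None for anything else."""
    section = line.split(" - ", 1)[0].strip()
    if section == "O23":
        parts = line.rsplit(" - ", 2)
        if len(parts) != 3:
            return None
        owner, path = parts[1], parts[2]
    elif section == "O4" and ": " in line:
        owner = None
        path = line.split("] ", 1)[1] if "] " in line else line.split(": ", 1)[1]
    else:
        return None
    path = path.replace("(file missing)", "").strip()
    if path.startswith('"'):
        path = path[1:].split('"', 1)[0]          # quoted path, arguments follow
    else:
        m = re.match(r"(.*?\.(?:exe|dll|com|scr|bat))\b", path, re.I)
        path = m.group(1) if m else path          # drop command-line arguments
    return owner, path


def triage(log_text):
    """Return {path: [reasons]} for O4/O23 entries that trip a heuristic."""
    findings = {}
    for line in filter(None, map(str.strip, log_text.splitlines())):
        parsed = target_of(line)
        if not parsed:
            continue
        owner, path = parsed
        reasons = []
        if owner and owner.lower() == "unknown owner":
            reasons.append("service with unknown owner")
        for part in path.lower().split("\\"):
            plain = part.translate(HOMOGLYPHS)
            if GUID_SUFFIX.search(part):
                reasons.append("folder name ends in a shell CLSID")
            elif plain in KNOWN_NAMES and part not in KNOWN_NAMES:
                reasons.append(f"digit-for-letter lookalike of {plain}")
            else:
                reasons += [f"one character off {k}" for k in sorted(KNOWN_NAMES)
                            if within_one_edit(part, k)]
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

A hit only marks an entry for manual review; the script removes nothing.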



        • #5
          CFScript and hijack log

          Hi Juisterr.. a bit late, but here are the CFScript and hijack log


          ComboFix 08-01-05.7 - Eigenaar 2008-01-11 19:20:00.2 - NTFSx86
          Gestart vanuit: C:\Documents and Settings\Eigenaar\Bureaublad\ComboFix.exe
          Command switches used :: C:\Documents and Settings\Eigenaar\Bureaublad\CFScript.txt
          * Nieuw herstelpunt werd aangemaakt

          FILE
          C:\WINDOWS\infrom.dat
          C:\WINDOWS\ld.exe
          C:\WINDOWS\ldup.exe
          C:\WINDOWS\sy.exe
          C:\WINDOWS\system32\ccPrxy.exe
          .

          (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          C:\Program Files\Internet Exp1orer\
          C:\Program Files\Internet Exp1orer\\IEXPLORE.EXE
          C:\WINDOWS\infrom.dat
          C:\WINDOWS\ld.exe
          C:\WINDOWS\ldup.exe
          C:\WINDOWS\sy.exe
          C:\WINDOWS\system32\ccPrxy.exe
          C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}
          C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\AdmDll.dll
          C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc.exe
          C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc32.dll
          C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\raddrv.dll
          C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\radmin.reg
          C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\secure.exe
          C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}
          C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\dir.sys
          C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\JAcheck.dll
          C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\JAcheck.ini
          C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\printer.sys
          C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\svchost.dll
          C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\taskmqr.exe
          C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\wininisys.sys

          .
          (((((((((((((((((((( Bestanden Gemaakt van 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))
          .

          2008-01-05 15:19 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
          2008-01-05 15:16 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
          2008-01-05 15:13 . 2008-01-05 15:16 <DIR> d-------- C:\Program Files\Java
          2008-01-05 15:13 . 2008-01-05 15:13 <DIR> d-------- C:\Program Files\Common Files\Java
          2007-12-25 21:01 . 2007-12-25 21:01 <DIR> d-------- C:\WINDOWS\Cache
          2007-12-25 20:59 . 2007-12-25 20:59 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
          2007-12-25 20:59 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
          2007-12-25 20:59 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
          2007-12-25 20:58 . 2007-12-25 20:58 <DIR> d-------- C:\WINDOWS\Setup533
          2007-12-25 20:58 . 2002-10-21 11:37 515,803 --a------ C:\WINDOWS\system32\drivers\Ca533av.sys
          2007-12-25 20:58 . 2002-01-19 15:33 131,072 --a------ C:\WINDOWS\system32\SP5X_32.DLL
          2007-12-25 20:58 . 2000-04-12 12:25 118,784 --a------ C:\WINDOWS\ShowBmp.exe
          2007-12-25 20:58 . 2002-05-02 17:26 65,536 --a------ C:\WINDOWS\amcap533.exe
          2007-12-25 20:58 . 2002-07-30 19:40 16,384 --a------ C:\WINDOWS\system32\Dext533.ax
          2007-12-25 20:58 . 2002-07-25 11:19 10,986 --a------ C:\WINDOWS\system32\drivers\Bulk533.sys
          2007-12-25 20:58 . 2003-01-06 13:33 1,325 --a------ C:\WINDOWS\Remove.ini
          2007-12-25 20:52 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
          2007-12-25 20:52 . 2001-11-02 15:08 163,840 --a------ C:\WINDOWS\system32\PhotoImpression Screen Saver.scr
          2007-12-25 20:50 . 2007-12-25 20:58 <DIR> d-------- C:\Program Files\ArcSoft
          2007-12-25 19:56 . 2004-08-04 07:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
          2007-12-25 19:56 . 2004-08-04 07:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
          2007-12-18 18:07 . 2008-01-10 20:56 7,756 --ah----- C:\WINDOWS\netsvc.exe

          .
          ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2008-01-11 18:12 --------- d-----w C:\Documents and Settings\Eigenaar\Application Data\Skype
          2008-01-10 19:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
          2007-12-25 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
          2007-12-01 06:16 --------- d-----w C:\Program Files\Windows Live Toolbar
          2007-12-01 05:58 --------- d-----w C:\Program Files\Windows Live Favorites
          2007-11-15 15:27 --------- d-----w C:\Program Files\Alwil Software
          2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
          2007-11-07 09:30 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
          2007-10-29 22:45 1,291,776 ----a-w C:\WINDOWS\system32\quartz.dll
          2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
          2005-07-13 15:52 40,040 ----a-w C:\Documents and Settings\Eigenaar\Application Data\GDIPFONTCACHEV1.DAT
          2003-07-20 11:02 32 --sha-w C:\WINDOWS\{896446E7-1FB8-4BCD-B044-574F4EF7EBC1}.dat
          2003-07-20 11:02 32 --sha-w C:\WINDOWS\system32\{DA75C18B-481B-4F57-A02E-52F63CC79F66}.dat
          2003-11-18 19:13 69,632 --sh--w C:\WINDOWS\system32\config\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\handle.exe
          2003-11-18 19:14 29,696 --sh--w C:\WINDOWS\system32\config\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\hidden32.exe
          2003-11-18 19:15 77,824 --sh--w C:\WINDOWS\system32\config\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\kill.exe
          2003-11-18 19:15 86,016 --sh--w C:\WINDOWS\system32\config\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\pslist.exe
          .

          ((((((((((((((((((((((((((((( [email protected]_15.24.27,43 )))))))))))))))))))))))))))))))))))))))))
          .
          + 2007-10-30 16:53:32 360,832 ----a-w C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
          + 2007-03-06 01:58:22 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spmsg.dll
          + 2007-03-06 01:58:28 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB941644\spuninst.exe
          + 2007-03-06 01:58:21 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\spcustom.dll
          + 2007-03-06 01:58:46 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\update.exe
          + 2007-03-06 01:59:37 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB941644\update\updspapi.dll
          + 2007-11-07 09:51:06 732,160 ----a-w C:\WINDOWS\$hf_mig$\KB943485\SP2QFE\lsasrv.dll
          + 2007-03-06 01:58:22 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spmsg.dll
          + 2007-03-06 01:58:28 216,800 ----a-w C:\WINDOWS\$hf_mig$\KB943485\spuninst.exe
          + 2007-03-06 01:58:21 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\spcustom.dll
          + 2007-03-06 01:58:46 725,728 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\update.exe
          + 2007-03-06 01:59:37 389,856 ----a-w C:\WINDOWS\$hf_mig$\KB943485\update\updspapi.dll
          - 2006-08-17 12:30:16 727,040 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
          + 2007-11-07 09:30:24 727,040 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll
          - 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
          + 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache\tcpip.sys
          - 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
          + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
          - 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
          + 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
          + 2008-01-09 19:45:23 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_568.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          REGEDIT4
          *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NVIEW"="nview.dll" [2002-09-30 23:39 548933 C:\WINDOWS\system32\nview.dll]
          "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-04-13 10:25 18576936]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
          "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 07:05 114688]
          "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 08:01 155648]
          "WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2002-02-20 19:40 143360]
          "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42 212992]
          "NvCplDaemon"="NvQTwk"
          "nwiz"="nwiz.exe" [2002-09-30 23:39 372736 C:\WINDOWS\system32\nwiz.exe]
          "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 19:28 81920]
          "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-07-15 14:56 57984]
          "ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2003-07-15 14:50 58608]
          "HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-06 23:19 188416]
          "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 10:02 860672]
          "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-05-16 08:51 95960]
          "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06 79224]
          "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2005-02-01 15:46 263776]

          C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
          hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-11-26 20:18:52]
          Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]
          officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-11-26 19:43:46]
          WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2004-05-05 18:08:37]

          R2 fag;Windows iNET Time;C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\taskmqr.exe
          R2 r_server;Remote Administrator Service;"C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc.exe"
          S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2001-10-03 09:10]
          S3 pnicml;pnicml;C:\DOCUME~1\Eigenaar\LOCALS~1\Temp\pnicml.sys
          S3 USBCamera;Icatch(IV) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk533.sys [2002-07-25 11:19]

          .
          Inhoud van de 'Gedeelde Taken' map
          "2008-01-11 17:42:01 C:\WINDOWS\Tasks\Controleren op updates voor Windows Live Toolbar.job"
          - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
          "2004-04-01 08:31:16 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1070442567.job"
          - C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe:-I
          "2008-01-11 16:46:22 C:\WINDOWS\Tasks\Symantec NetDetect.job"
          - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
          .
          **************************************************************************

          catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2008-01-11 19:25:30
          Windows 5.1.2600 Service Pack 2 NTFS

          scannen van verborgen processen ...

          scannen van verborgen autostart items ...

          scannen van verborgen bestanden ...

          Scan succesvol afgerond
          verborgen bestanden: 0

          **************************************************************************
          .
          Voltooingstijd: 2008-01-11 19:26:27
          ComboFix-quarantined-files.txt 2008-01-11 18:26:04
          ComboFix2.txt 2008-01-05 14:25:12
          .
          2008-01-09 06:31:17 --- E O F ---



          And the Hijack log

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 19:58:39, on 11-1-2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\drivers\CDAC11BA.EXE
          C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          C:\Program Files\Norton AntiVirus\navapsvc.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\wscntfy.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\windows\system\hpsysdrv.exe
          C:\WINDOWS\system32\RUNDLL32.EXE
          C:\WINDOWS\system32\ps2.exe
          C:\Program Files\Common Files\Symantec Shared\ccApp.exe
          C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
          C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
          C:\Program Files\WinZip\WZQKPICK.EXE
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
          C:\Program Files\internet explorer\iexplore.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\HijackThis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.compaqnet.be
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
          O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
          O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
          O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
          O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
          O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
          O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
          O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded
          O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
          O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
          O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
          O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
          O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
          O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
          O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
          O4 - Startup: ubisoft register.lnk = F:\program files\Ubi Soft\Rayman3\Register\schedule.exe
          O4 - Global Startup: hpoddt01.exe.lnk = ?
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
          O4 - Global Startup: officejet 6100.lnk = ?
          O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
          O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
          O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
          O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
          O8 - Extra context menu item: Openen in een nieuwe achtergrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?8ff5ad232525419695a72668659cbdaf
          O8 - Extra context menu item: Openen in een nieuwe voorgrondtab - res://C:\Program Files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?8ff5ad232525419695a72668659cbdaf
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
          O14 - IERESET.INF: START_PAGE_URL=http://www.compaqnet.be
          O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://13prinses13.spaces.live.com/PhotoUpload/MsnPUpld.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{CBFB01F0-E220-4B4B-9C91-54D5B27B76B1}: NameServer = 195.121.1.34,195.121.1.66
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
          O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
          O23 - Service: Windows iNET Time (fag) - Unknown owner - C:\WINDOWS\system32\drivers\etc\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\taskmqr.exe (file missing)
          O23 - Service: Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
          O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
          O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\dllcache\Fonts.{BD84B380-8CA2-1069-AB1D-08000948F534}\nvsvc.exe (file missing)
          O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
          O24 - Desktop Component 0: (no name) - http://www.123spelen.nl/img/back_midden.gif

          --
          End of file - 8238 bytes



          • #6
            I see
            (Avast Anti-virus active) and (Norton Anti-virus active); may I ask which scanner is your default scanner?
            1 AV scanner is enough; turn the other one off in any case.

            Starting Windows 10 in Safe Mode
